599 research outputs found
A Defense Framework Against Denial-of-Service in Computer Networks
Denial-of-Service (DoS) is a computer security problem that poses a serious challenge to trustworthiness of services deployed over computer networks. The aim of DoS attacks is to make services unavailable to legitimate users, and current network architectures allow easy-to-launch, hard-to-stop DoS attacks. Particularly challenging are the service-level DoS attacks, whereby the victim service is flooded with legitimate-like requests, and the jamming attack, in which wireless communication is blocked by malicious radio interference. These attacks are overwhelming even for massively-resourced services, and effective and efficient defenses are highly needed. This work contributes a novel defense framework, which I call dodging, against service-level DoS and wireless jamming. Dodging has two components: (1) the careful assignment of servers to clients to achieve accurate and quick identification of service-level DoS attackers and (2) the continuous and unpredictable-to-attackers reconfiguration of the client-server assignment and the radio-channel mapping to withstand service-level and jamming DoS attacks. Dodging creates hard-to-evade baits, or traps, and dilutes the attack "fire power". The traps identify the attackers when they violate the mapping function and even when they attack while correctly following the mapping function. Moreover, dodging keeps attackers "in the dark", trying to follow the unpredictably changing mapping. They may hit a few times but lose "precious" time before they are identified and stopped. Three dodging-based DoS defense algorithms are developed in this work. They are more resource-efficient than state-of-the-art DoS detection and mitigation techniques. Honeybees combines channel hopping and error-correcting codes to achieve bandwidth-efficient and energy-efficient mitigation of jamming in multi-radio networks.
In roaming honeypots, dodging enables the camouflaging of honeypots, or trap machines, as real servers, making it hard for attackers to locate and avoid the traps. Furthermore, shuffling requests over servers opens up windows of opportunity, during which legitimate requests are serviced. Live baiting efficiently identifies service-level DoS attackers by employing results from the group-testing theory, discovering defective members in a population using the minimum number of tests. The cost and benefit of the dodging algorithms are analyzed theoretically, in simulation, and using prototype experiments
A Survey of Security in UAVs and FANETs: Issues, Threats, Analysis of Attacks, and Solutions
Thanks to the rapidly developing technology, unmanned aerial vehicles (UAVs)
are able to complete a number of tasks in cooperation with each other without
need for human intervention. In recent years, UAVs, which are widely utilized
in military missions, have begun to be deployed in civilian applications and
mostly for commercial purposes. With their growing numbers and range of
applications, UAVs are becoming more and more popular; on the other hand, they
are also the target of various threats which can exploit various
vulnerabilities of UAV systems in order to cause destructive effects. It is
therefore critical that security is ensured for UAVs and the networks that
provide communication between UAVs. In this survey, we aimed to present a
comprehensive detailed approach to security by classifying possible attacks
against UAVs and flying ad hoc networks (FANETs). We classified the security
threats into four major categories that make up the basic structure of UAVs;
hardware attacks, software attacks, sensor attacks, and communication attacks.
In addition, countermeasures against these attacks are presented in separate
groups as prevention and detection. In particular, we focus on the security of
FANETs, which face significant security challenges due to their characteristics
and are also vulnerable to insider attacks. Therefore, this survey presents a
review of the security fundamentals for FANETs, and also four different routing
attacks against FANETs are simulated with realistic parameters and then
analyzed. Finally, limitations and open issues are also discussed to direct
future wor
Machine Learning in IoT Security: Current Solutions and Future Challenges
The future Internet of Things (IoT) will have a deep economical, commercial
and social impact on our lives. The participating nodes in IoT networks are
usually resource-constrained, which makes them luring targets for cyber
attacks. In this regard, extensive efforts have been made to address the
security and privacy issues in IoT networks primarily through traditional
cryptographic approaches. However, the unique characteristics of IoT nodes
render the existing solutions insufficient to encompass the entire security
spectrum of the IoT networks. This is, at least in part, because of the
resource constraints, heterogeneity, massive real-time data generated by the
IoT devices, and the extensively dynamic behavior of the networks. Therefore,
Machine Learning (ML) and Deep Learning (DL) techniques, which are able to
provide embedded intelligence in the IoT devices and networks, are leveraged to
cope with different security problems. In this paper, we systematically review
the security requirements, attack vectors, and the current security solutions
for the IoT networks. We then shed light on the gaps in these security
solutions that call for ML and DL approaches. We also discuss in detail the
existing ML and DL solutions for addressing different security problems in IoT
networks. At last, based on the detailed investigation of the existing
solutions in the literature, we discuss the future research directions for ML-
and DL-based IoT security
A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends
This paper examines the security vulnerabilities and threats imposed by the
inherent open nature of wireless communications and to devise efficient defense
mechanisms for improving the wireless network security. We first summarize the
security requirements of wireless networks, including their authenticity,
confidentiality, integrity and availability issues. Next, a comprehensive
overview of security attacks encountered in wireless networks is presented in
view of the network protocol architecture, where the potential security threats
are discussed at each protocol layer. We also provide a survey of the existing
security protocols and algorithms that are adopted in the existing wireless
network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term
evolution (LTE) systems. Then, we discuss the state-of-the-art in
physical-layer security, which is an emerging technique of securing the open
communications environment against eavesdropping attacks at the physical layer.
We also introduce the family of various jamming attacks and their
counter-measures, including the constant jammer, intermittent jammer, reactive
jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the
integration of physical-layer security into existing authentication and
cryptography mechanisms for further securing wireless networks. Finally, some
technical challenges which remain unresolved at the time of writing are
summarized and the future trends in wireless security are discussed. Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201
Securing Intrusion Detection Systems in IoT Networks Against Adversarial Learning: A Moving Target Defense Approach based on Reinforcement Learning
Investigating the use of moving target defense (MTD) mechanisms in IoT networks is ongoing research, with unfathomable potential to equip IoT devices and networks with the ability to fend off cyber attacks despite the computational deficiencies many IoT ecosystems typically have. The AI community has extensively studied adversarial threats and attacks on machine learning-based systems, emphasizing the need to address the potential compromise of anomaly-based intrusion detection systems (IDS) through adversarial attacks. Another concept that has gained significant attention in the networking community is Game Theory. Protecting any given network is almost a never-ending battle between the attacker and defender, and hence a natural game of competitors can be modelled based on one’s parametric specifications to gain more insight into how attackers might interact with one’s system. The goal of this thesis is to propose a comprehensive, experimentally verifiable game-theoretic model of MTD in IoT networks to secure the IDS against adversarial attacks. Once a game with state transitions based on given actions can be modelled, reinforcement learning is used to develop policies based on various episodes (rounds) of the game, ultimately optimizing network decisions to minimize successful attacks on machine learning-based IDS. The state-of-the-art ToN-IoT dataset was investigated for MTD feasibility to implement the feature-based MTD approach. The overall performance of the proposed MTD-based IDS was compared to a conventional IDS by analyzing the accuracy curve of the MTD-based IDS and the conventional IDS for varying attacker success rates and resource demands. Our approach has proven effective in securing the IDS against adversarial learning. Master of Science in Applied Computer Scienc
Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions
In recent years, low-carbon transportation has become an indispensable part
as sustainable development strategies of various countries, and plays a very
important responsibility in promoting low-carbon cities. However, the security
of low-carbon transportation has been threatened from various ways. For
example, denial of service attacks pose a great threat to the electric vehicles
and vehicle-to-grid networks. To minimize these threats, several methods have
been proposed to defend against them. Yet, these methods are only for certain
types of scenarios or attacks. Therefore, this review addresses security aspect
from holistic view, provides the overview, challenges and future directions of
cyber security technologies in low-carbon transportation. Firstly, based on the
concept and importance of low-carbon transportation, this review positions the
low-carbon transportation services. Then, with the perspective of network
architecture and communication mode, this review classifies its typical attack
risks. The corresponding defense technologies and relevant security suggestions
are further reviewed from perspective of data security, network management
security and network application security. Finally, in view of the long term
development of low-carbon transportation, future research directions have been
concerned. Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable
Energy Review